Harry DuPape, Apr 09
On Monday, April 7th, 2014, a critical bug in OpenSSL was discovered that allows attackers to read memory contents from servers with OpenSSL installed. This bug has been termed “Heartbleed”, and it impacts servers that use the OpenSSL library to perform secure communications. Panopto is committed to the security of our customers' content and personal information, and since this vulnerability was disclosed we have performed a thorough audit of our services to assess any security risks.
Impact to Panopto Hosted services
As part of our audit, engineers at Panopto have reviewed all of our services to check for vulnerability to this issue. Panopto data and web servers do not use OpenSSL and are not vulnerable. Panopto does use an Amazon-maintained load balancer in our hosted environment, which was vulnerable. This load balancer routes traffic to our servers and does not store user information. Amazon has updated the load balancer and it is no longer vulnerable. Further, based on Amazon’s recommendation, Panopto is working to refresh our SSL certificate on that load balancer. We will update this post when the certificate has been refreshed.
Impact to Panopto on-premises installs
If you run a Panopto on-premises server, all Panopto server instances are safe from this vulnerability. If you have other machines in your topology, such as load balancers, you should follow up with the providers of those systems for any recommended actions.
Panopto can integrate with many other services, such as login providers and learning management systems, some of which may be vulnerable. If you use these integrations, we recommend that you contact the vendors of these systems for information about them and any recommended actions.